Snitz Forums Down.ASP HTTP响应拆分攻击漏洞

漏洞信息详情

Snitz Forums Down.ASP HTTP响应拆分攻击漏洞

• CNNVD编号：CNNVD-200409-036
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1687
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2004-09-16
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-24
  
• 厂        商：
  
  snitz_communications
• 漏洞来源：
  .’);”>Discovery of this …

Snitz Forums 2000 3.4.04版本的down.asp存在CRLF注入漏洞。远程攻击者借助location参数执行HTTP响应拆分攻击来修改期望的服务器HTML内容。

The vendor has released an updated to address this vulnerability:
Snitz Forums 2000 Snitz Forums 2000 3.0

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.1

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.3

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.3 .02

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.3 .03

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.3 .01

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.4 .03

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.4 .04

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

Snitz Forums 2000 Snitz Forums 2000 3.4 .02

• Snitz Forums 2000 sf2k_v34_05.zip
  
  http://forum.snitz.com/download.asp

来源: XF
名称: snitz-response-splitting(17421)
链接:http://xforce.iss.net/xforce/xfdb/17421

来源: BID
名称: 11201
链接:http://www.securityfocus.com/bid/11201

来源: SECUNIA
名称: 12590
链接:http://secunia.com/advisories/12590

来源: BUGTRAQ
名称: 20040916 ADVISORY: security hole (http response splitting) in snitz forums
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109537195413691&w=2

来源: forum.snitz.com
链接:http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791